Re: [Leaf-devel] Multiple upstream links
Hi -

On Tue, Aug 13, 2002 at 12:31:22PM -0500, Charles Steinkuehler wrote:
> Not that I have time to mess with this, but what's the current state of
> the art regarding multiple upstream internet connections and possible
> bandwidth sharing?

I saved this posting from the netfilter list, I think it answers your
question.

Regards,
// George

Date: Tue, 2 Jul 2002 22:29:16 -0400
From: John Adams [EMAIL PROTECTED]
Subject: Re: 2 ISPs on firewall
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]

On Tuesday 02 July 2002 09:53 pm, Matthias Kattanek wrote:
> There seems to be lots of question about multihomed firewall/routers.
> I am in similar situation. Having 2 ISP, where to provide services too.
> I managed to forward traffic to e.g. a web server in the DMZ zone.
> Main problem I encounter is that the response is always going out via
> the DEFAULT gateway on the router. (In my case one ISP doesn't like it
> and drops the response.)
>
> I was under the impression that connection tracking of Netfilter keeps
> track which interface the traffic came in and anticipated it would go
> out the same route it came from.
> What am I missing here? What does it take to make it happen?
> Do I just need additional rules for Netfilter?
>
> Would something like ip_conntrack_isp work out? Understood such module
> needs to be developed. Q just arises is that a way to go?

Here's a script I use with iproute2. It gives two default routes with
different weightings for different speed lines.

johna

    # Upstream gateways and this router's own address on each uplink.
    GATEWAY0=216.254.97.1
    GATEWAY1=65.185.37.22
    NIC0=216.254.97.15
    NIC1=65.185.37.21

    route del default

    # One routing table per ISP. The names E0 and E1 must be declared
    # in /etc/iproute2/rt_tables.
    ip route add 0.0.0.0/0 via $GATEWAY0 table E0
    ip route add 0.0.0.0/0 via $GATEWAY1 table E1

    # Traffic sourced from an uplink's address leaves via that uplink.
    ip rule add from $NIC0 table E0
    ip rule add from $NIC1 table E1

    # Everything else is spread over both gateways, weighted 6:1.
    ip route add default scope global \
        nexthop via $GATEWAY0 weight 6 \
        nexthop via $GATEWAY1 weight 1

    ip route flush cache

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.       http://www.galis.org/george

---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
___
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
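The forwarded script generalised to any number of uplinks, as an added example that is not part of the original posting: it prints the iproute2 commands instead of running them, so the plan can be reviewed before it touches the routing tables. The function names, the `addr:gateway:weight:table` spec format and the numeric table ids 100 and 101 are assumptions; the addresses are the ones in the post.

```shell
#!/bin/sh
# Added example, not from the forwarded post. parse_uplink, uplink_plan
# and the spec format are hypothetical. Numeric table ids are used so no
# /etc/iproute2/rt_tables entries are needed.
UPLINKS="216.254.97.15:216.254.97.1:6:100 65.185.37.21:65.185.37.22:1:101"

# Split one "addr:gateway:weight:table" spec into addr, gw, weight, table.
# Fails unless there are four fields and weight and table are integers.
parse_uplink() {
    case $1 in
        *:*:*:*) ;;
        *) return 1 ;;
    esac
    addr=${1%%:*}; rest=${1#*:}
    gw=${rest%%:*}; rest=${rest#*:}
    weight=${rest%%:*}; table=${rest#*:}
    for n in "$weight" "$table"; do
        case $n in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    return 0
}

# Print the commands for a space-separated list of uplink specs.
# Nothing is printed unless every spec is valid, so a typo cannot
# produce a half-applied plan.
uplink_plan() {
    [ -n "$1" ] || { echo "no uplinks given" >&2; return 1; }
    for u in $1; do
        parse_uplink "$u" || { echo "bad uplink spec: $u" >&2; return 1; }
    done
    hops=""
    for u in $1; do
        parse_uplink "$u"
        # Per-uplink table: its only route is that ISP's gateway.
        echo "ip route replace default via $gw table $table"
        # Replies sourced from this uplink's address use that table, so
        # they leave through the ISP that owns the address. The rule is
        # deleted first so that re-running does not stack duplicates.
        echo "ip rule del from $addr table $table 2>/dev/null"
        echo "ip rule add from $addr table $table"
        hops="$hops nexthop via $gw weight $weight"
    done
    # Locally originated and forwarded traffic is shared by weight.
    echo "ip route replace default scope global$hops"
    echo "ip route flush cache"
}

uplink_plan "$UPLINKS"
```

To apply the plan after reading it, pipe the output to `sh` as root.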
Re: [Leaf-devel] CVS structure ???
On Wed, Jul 10, 2002 at 02:19:58PM -0500, Michael D. Schleif wrote:
> [1] Should I have separate trees for different underlying versions of
> net-snmp? For example, I committed net-snmp v4.2.4. I am contemplating
> building and committing both v4.2.5 and the totally different
> distribution v5.x. So, one line of thinking is like this:
>
>     devel/helices/net-snmp/v4.2.4/netsnmp.lrp
>     devel/helices/net-snmp/v4.2.4/netsnmpd.lrp

Looks good to me, would allow for recursive wget --no-parent or
ncftp -R and version management would be simpler.

A copy of the current as

    devel/helices/net-snmp/current/netsnmpd.lrp

or a zero length file

    devel/helices/net-snmp/current-is-v5.0.2

are also helpful;

    get devel/helices/net-snmp/current-* | sed | ncftpget -R v5.0.2

> http://leaf.sourceforge.net/devel/helices/net-snmp/ presents several
> TXT files that, once clicked on, present descriptive text regarding the
> LRP's that reside in versioned directories below this one.
>
> Another example is Jacques Nilo's
> http://leaf.sourceforge.net/devel/jnilo/ wonderful page that links to
> installation and troubleshooting information.
>
> How are we to do this under cvs?

I would put the txt files in the version directories for which they
belong. At some point (maybe even by a cgi to select components) a
custom disk image might be generated, such a program would have no
trouble separating out .txt and .lrp files.

// George
Re: [Leaf-devel] CVS structure ???
On Wed, Jul 10, 2002 at 01:01:27PM -0700, Jeff Newmiller wrote:
> On Wed, 10 Jul 2002, Michael D. Schleif wrote:
>
> CVS is designed to handle directories full of information... so a
> directory tree of html documents is a natural thing to enter.
>
> An idea...
>
> net-snmp/
>   README.txt
>   package/
>     net-snmp.lrp
>   target/
>     etc/
>       blahblah
>     usr/
>       bin/
>         snmpbinary
>     ...
>   doc/
>     index.html
>     images/
>       image1.jpg
>     ...
>   src/
>     sourcefiles...
>
> Let CVS deal with versioning.

Yeah, I was thinking about http/ftp access. Looks good.

// George
[Leaf-devel] Re: is Bering GNU?
> George, David has a proposed solution for building our
> releases/branches from cvs. It's similar to the BSD ports system. Any
> feedback you have on David's proposed src build solution is welcome.
>
> http://cvs.leaf-project.org/cgi-bin/viewcvs.cgi/leaf/devel/ddouthitt/base/

This looks excellent!

// George
Re: [Leaf-devel] is Bering GNU?
On Sat, Jul 13, 2002 at 08:47:58AM +0200, Etienne Charlier wrote:
> 0. It's quite amazing that such a great product has been developed and
> integrated by a few people during part time ( when do they sleep ??? )

Yes it is a fantastic project. I only want the distribution presented
in a way that makes it possible for more people to modify or contribute
to the project's development.

> 1. I'm not a leaf contributor. I just use the binaries ... and I like
> them
> You looked at the sourceforge.net but you missed the most useful part
> of the site the mailing list archive ( a gold mine for the one who try
> to use it )

Explaining how I arrived at my problems would be very difficult and
time consuming, because the issues come from a very heavily modified
distro, I don't expect people to take the time to understand all my
changes. What I would like to see is an environment where I can
communicate all this in a standard way so it's practical for others to
think about what might be wrong with my picture. I did write an image
extractor which I'll post shortly, this might help with such
communications.

> 2 This list was the most polite and fair I've ever seen ... till you
> came ( maybe i'm a little bit too hard but I cannot express it more
> correctly )
> (remember the dns resolver thread ??? )

I apologize if I hurt anyone's feelings. If I understand your meaning,
I do try to be polite at all times, if there is one place I'm least
polite it's probably technical communications. Sometimes politeness can
be difficult in technical forum, I can work on this. I really
appreciate responses (public/private) that engage the issues; I'm not
out to make anyone feel bad and I see no benefit from that anyway. No
promises, but your feelings for me might improve. I hope so anyway.

> 3 You seem very upset by not being able to {use | install} bering on
> your system and you feel better if you can put the responsibility on
> someone else.

I'm using Bering very differently than most users, isp versus home /
small office. My needs are very different, it would be good if
modifications and sharing thereof were easier. This is what I'm working
towards.

// George
[Leaf-devel] image extractor program
Below is a little script to mount and extract an image in a way that
will allow for editing and repackaging of the lrp modules. It uses tmp
files but eventually creates (replaces) a directory called lrp-super,
which contains a directory for each lrp module and the root filesystem
per the package below it. (see the second find output below)

I plan to borrow some code from lrcfg to repackage and add some new
code to manage the other critical files and reconstruct the image. I
wanted to post this now for comments.

Here is an example of the (extend image) command line usage and the
nature of the result.

    $ extimg ../orig/Bering_1.0-rc3_img_bering_1680.bin
    $ find lrp-super/ -type d -maxdepth 2 | sort
    lrp-super/
    lrp-super/bridge
    lrp-super/bridge/etc
    lrp-super/bridge/usr
    lrp-super/bridge/var
    lrp-super/dhcpd
    lrp-super/dhcpd/etc
    lrp-super/dhcpd/usr
    lrp-super/dhcpd/var
    lrp-super/dnscache
    lrp-super/dnscache/etc
    lrp-super/dnscache/usr
    lrp-super/dnscache/var
    lrp-super/etc
    lrp-super/etc/etc
    lrp-super/etc/var
    lrp-super/keyboard
    lrp-super/keyboard/etc
    lrp-super/keyboard/usr
    lrp-super/keyboard/var
    lrp-super/local
    lrp-super/local/usr
    lrp-super/local/var
    lrp-super/log
    lrp-super/log/var
    lrp-super/modules
    lrp-super/modules/etc
    lrp-super/modules/lib
    lrp-super/modules/var
    lrp-super/ppp
    lrp-super/ppp/etc
    lrp-super/pppoe
    lrp-super/pppoe/etc
    lrp-super/pppoe/usr
    lrp-super/pppoe/var
    lrp-super/ppp/usr
    lrp-super/ppp/var
    lrp-super/pump
    lrp-super/pump/etc
    lrp-super/pump/sbin
    lrp-super/pump/var
    lrp-super/root
    lrp-super/root/bin
    lrp-super/root/initrd
    lrp-super/root/lib
    lrp-super/root/root
    lrp-super/root/sbin
    lrp-super/root/usr
    lrp-super/root/var
    lrp-super/shorwall
    lrp-super/shorwall/etc
    lrp-super/shorwall/sbin
    lrp-super/shorwall/var
    lrp-super/tc
    lrp-super/tc/sbin
    lrp-super/tc/var
    lrp-super/weblet
    lrp-super/weblet/etc
    lrp-super/weblet/usr
    lrp-super/weblet/var

    #!/bin/sh
    # Mount a floppy image and unpack every .lrp in it (except
    # initrd.lrp) into lrp-super/<package>/. Needs root for the loop
    # mount.
    [ -z "$1" ] && echo 'Supply image file to mount and extract' && exit 1
    # Only accept a file whose du size matches the 1680K image.
    [ -z "`du "$1" | grep 1688`" ] && echo 'Supply image file to mount and extract' && exit 1

    s=`date +%s`
    mnt='lrp-mnt-'$s
    mkdir $mnt
    super='lrp-super-'$s
    mkdir $super
    # Stop here if the mount fails, so an existing lrp-super is not
    # replaced by an empty tree further down.
    mount -o loop "$1" $mnt || exit 1
    cd $super
    pkgs=`ls ../$mnt/*lrp | sed -e 's/^.*initrd.lrp//'`
    for pkg in $pkgs ; do
        # Package name is the file name without path and .lrp suffix.
        name=`echo $pkg | sed -e 's/^.*\///' -e 's/\.lrp$//'`
        mkdir $name
        cd $name
        tar xzf ../$pkg
        cd ../
    done
    cd ..
    # Replace any previous extraction with the new one.
    rm -rf lrp-super
    mv $super lrp-super
    umount $mnt ; rm -rf $mnt
    exit 0

// George
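A pre-extraction check for the `tar xzf` step in the script above, as an added example that is not part of the original post: the extractor runs as root on packages taken from an image, so each archive's member list is vetted for absolute paths and `..` components before anything is unpacked. `lrp_list_ok` and `lrp_extract` are hypothetical names, and only member names are checked, not symlink targets.

```shell
#!/bin/sh
# Added example, not from the original post. lrp_list_ok and lrp_extract
# are hypothetical helper names. An .lrp package is treated as a gzipped
# tar archive, which is how the script above unpacks it.

# Read a member listing (one path per line) on stdin. Succeed only if no
# member name could land outside the extraction directory.
lrp_list_ok() {
    while IFS= read -r member; do
        case "$member" in
            /*)
                echo "rejected, absolute path: $member" >&2
                return 1 ;;
            ..|../*|*/..|*/../*)
                echo "rejected, parent traversal: $member" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Vet the listing of package $1, then unpack it into directory $2.
# Returns 1 for a rejected listing and 2 for a missing package or an
# uncreatable target directory.
lrp_extract() {
    pkg=$1
    dest=$2
    [ -f "$pkg" ] || { echo "no such package: $pkg" >&2; return 2; }
    tar tzf "$pkg" | lrp_list_ok || return 1
    mkdir -p "$dest" || return 2
    tar xzf "$pkg" -C "$dest"
}

# Stand-alone use: sh thisfile package.lrp lrp-super/name
if [ $# -eq 2 ]; then
    lrp_extract "$1" "$2"
fi
```

In the extractor's loop this would stand in for the `mkdir $name; cd $name; tar xzf ../$pkg` sequence, called once per package.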
Re: [Leaf-devel] is Bering GNU?
On Sat, Jul 13, 2002 at 08:42:07AM +0200, Jacques Nilo wrote:
> Georges:
> If you do not feel comfortable using Bering, please do not use it.
> Bering has been developed by me and Eric as a hobby, on our spare time
> outside of our regular jobs.

I do feel it is an innovative quality project. Please don't take my
criticism personally. I really intended my remarks as constructive
criticism. I don't want this thread to get out of hand so I'll refrain
from adding details and focus on being as constructive as I can.

What invoked my letter was realization that I needed to script a
package extractor/compressor and that many of the hurdles I have
overcome would have been much easier if the distro (and I should speak
only of Bering, because I need the 2.4 kernel, and it's the only leaf
I've used.) was presented differently. For example, as a tgz that
extracts into an expanded root filesystem (or root file system for each
package; not sure which would work) and scripts to make the packages
and make a floppy image with a new timestamp. This would afford quick
maintenance and modifications in a full environment. I will likely put
this together from scratch if none of the components already exist to
do this.

(BTW - I am very pro opensource/GNU and don't feel the need to keep
under wraps any of my work, except that which might be a direct
conflict of interest with my employer. I can't imagine being involved
with any software-for-sale project, either. I didn't mean, I'm here to
enforce GNU as much as I meant, This GPL project seems different than
other GPL projects I've worked on, it's difficult to customize the
package.)

> A lot of effort has been put in the doc: see the installation user's
> guide. Most of technical related questions are answered (if time
> permits) with the help of the LEAF community through the mailing list.
> A developer's manual is on my todo list but it is also a fact that
> people are for some strange reason always quicker to criticize than to
> help writing up a chapter of the user's guide ...

I'm sorry. I know this is true. Maybe I can contribute some doc at some
point in the near future. I have picked up and set down some version of
LRP several times in the last ~18 months, always with the feeling of
being overwhelmed with links to sites of documentation which ultimately
didn't answer my question. It was your guide Jacques, that has been the
most helpful. I didn't mean to make any point regarding doc beyond that
a 100 line quick start would be really helpful: some definitions,
anomalies, intro to package format and image manipulation -- just the
sundry facts, what to do without the details of how it's done. I would
provide it today if I could, but maybe in a few weeks :)

I will try to fully address everyone else's opinions of my post soon;
but after reading them I would like to briefly say, 1) criticism (and
not necessarily constructive criticism) is an important aspect of
opensource development and peer review, and does not necessarily
correlate with gratitude. And 2) I see personal attacks in public forum
as shortsighted and hypocritical.

Bon Bastille Day! (my French is almost nonexistent but for those
celebrating, I wish you a joyous independence)

Regards,
// George

> On Saturday 13 July 2002 07:55, George Georgalis wrote:
> > Is Bering GNU? I'm beginning to have my doubts. Where is
> > /usr/src/linux/.config? Where are the other compile time options for
> > other binaries? Just how was Bering_1.0-rc3_img_bering_1680.bin
> > made?
> >
> > After spending a good part of a week, and _all_ day Friday getting
> > up a Bering router before a deadline -- subsequently missing the
> > first day of a conference http://h2k2.org -- I looked back at what
> > was the problem. I discovered I was hacking around a product (the
> > Bering image) much like the manner of before I used Linux.
> >
> > I have this disk image, that I mount to find, compressed archives,
> > containing finely tailored scripts and a handful of binaries.
> > Together they make up the GNU Bering. (And maybe other leaf versions
> > as well.) I have hunted all over http://leaf-project.org and
> > http://leaf.sourceforge.net/ for the source, or even a file that
> > says version xx.yy.zz of busybox was compiled with the following
> > patch and compile time options. Or maybe a tgz of the
> > /usr/local/src/bering where the image was made? Nothing.
> >
> > I find myself writing scripts to extract and compress lrp files.
> > Surely everyone doesn't gzip -c9 what they made by tar cf after
> > mounting and extracting their first floppy image? Is this the
> > intended way to indoctrinate new developers to the old school? I
> > even asked a few well read LUG groups what the lrp format was, or
> > how I could run the lrcfg that I read about without actually booting
> > the distro. Nobody knew because the design is not conducive to group
> > development, its intended use is like that of proprietary software
> > -- take the binary, configure it with the configuration menu and be
> > like everyone else.
> >
> > Okay, I just found
[Leaf-devel] can't login
Hi,

I've been making .lrp's touching rsyncing dding calling remote hands to
swap floppies and reboot *all* day, so please forgive me if I've missed
something obvious.

There doesn't seem to be any /bin/sh in Bering rc3? Should /etc/passwd
read /bin/tinylogin for root???

Also I'm getting these every 10 seconds

    Jul 12 21:25:40 firewall /sbin/getty[31530]: /dev/tty1: cannot open as standard input: Operation not supported by device
    Jul 12 21:25:40 firewall /sbin/getty[31531]: /dev/tty2: cannot open as standard input: Operation not supported by device

I guess because there is no keyboard? I don't really want to comment
out the mgetty lines in /etc/inittab because I might use this image
with a keyboard. Does the message really need to be logged by syslogd?
What's the best way to blank it without preventing some other important
messages?

The permissions on /root/ aren't 700, can that be fixed?

Thanks,
// George
[Leaf-devel] is Bering GNU?
Is Bering GNU? I'm beginning to have my doubts. Where is
/usr/src/linux/.config? Where are the other compile time options for
other binaries? Just how was Bering_1.0-rc3_img_bering_1680.bin made?

After spending a good part of a week, and _all_ day Friday getting up a
Bering router before a deadline -- subsequently missing the first day
of a conference http://h2k2.org -- I looked back at what was the
problem. I discovered I was hacking around a product (the Bering image)
much like the manner of before I used Linux.

I have this disk image, that I mount to find, compressed archives,
containing finely tailored scripts and a handful of binaries. Together
they make up the GNU Bering. (And maybe other leaf versions as well.) I
have hunted all over http://leaf-project.org and
http://leaf.sourceforge.net/ for the source, or even a file that says
version xx.yy.zz of busybox was compiled with the following patch and
compile time options. Or maybe a tgz of the /usr/local/src/bering where
the image was made? Nothing.

I find myself writing scripts to extract and compress lrp files. Surely
everyone doesn't gzip -c9 what they made by tar cf after mounting and
extracting their first floppy image? Is this the intended way to
indoctrinate new developers to the old school? I even asked a few well
read LUG groups what the lrp format was, or how I could run the lrcfg
that I read about without actually booting the distro. Nobody knew
because the design is not conducive to group development, its intended
use is like that of proprietary software -- take the binary, configure
it with the configuration menu and be like everyone else.

Okay, I just found the developer.rtf and scanned the whole thing.
Formidable task, but I only see part of the forest and none of the
trees. I already know linux and there seem to be some very specific LRP
details in there, but will it be done before it's out of date? I'm not
saying produce a `./configure && make && make image` but if the
environment for building the release was published, or easier to find,
I'm sure there would be a lot more community support. At one point I
kicked myself for not looking in CVS before, but when I got in there,
was in disbelief -- no source, only doc.

So now I have problems with my image to resolve, why do those Belkin
cards detect as Realtek under RH but, none of the Bering modules will
work with them??? How will I ever get my tulips back from my boss so I
can test an image at home? What am I going to do about making an image
and quickly changing a few parameters (ssh host keys, network, firewall
and other site information) or major structure (LaBera, ppp, ipsec,
dns) without spending a ton of time hand extracting and compressing
components?

I'm going to make my own distribution. reBering. Complete with scripts
to mount and extract all the subcomponents, global configure,
mix'n'match packages, compress and unmount. Only I don't think I can
call it GNU because since I'm in a hurry, I won't have time to reverse
engineer the compile time options and source. I'd rather work on
putting it on an eprom anyway.

In all sincerity, Bering is very cool. It could just be a lot better if
it was more in the spirit of _encouraging_ open source development
rather than barely qualifying, actually I bet if it was audited, it
wouldn't pass. If there are scripts to tar and gzip a lrp package, why
aren't they part of a tools.tgz right beside package_src.tgz and
compile_configs.tgz next to the Leaf_UML packages and extraction
instructions for odd archives? I know asking for doc is a lot, but
maintaining a file of command lines used to make the binaries from
source would be an excellent first step.

// George
[Leaf-devel] problem with bering host lookups
I just remembered, my bering distro won't do hostname lookups.

resolv.conf is okay
hosts.allow/deny are okay
the route is okay

ping galis.org just hangs. not sure how else to look up a name, am I
missing a package? What could be wrong? It does ping ip addresses.

// George
[Leaf-devel] lrp partition size...
Just subscribed to this list... but I have been browsing the archives.

I'm working on an lrp image, and I clearly don't have the partitioning
down right.

    # df -h
    Filesystem                Size      Used Available Use% Mounted on
    /dev/root                 6.0M      3.4M      2.6M  57% /
    tmpfs                    30.7M         0     30.7M   0% /tmp
    tmpfs                     2.0M      2.0M         0 100% /var/log

How does one go about changing them? This is a Bering distro.

Also I noticed the new ssh looks like it can be compiled without zlib,
saving ~24k. Anyone more experienced putting that together?

// George
Re: [Leaf-devel] lrp partition size...
On Wed, Jul 03, 2002 at 07:40:45PM +0200, K.-P. Kirchdörfer wrote:
> On Wednesday 03 July 2002 19:26, George Georgalis wrote:
> > Just subscribed to this list... but I have been browsing the
> > archives.
> >
> > I'm working on an lrp image, and I clearly don't have the
> > partitioning down right.
> >
> >     # df -h
> >     Filesystem                Size      Used Available Use% Mounted on
> >     /dev/root                 6.0M      3.4M      2.6M  57% /
> >     tmpfs                    30.7M         0     30.7M   0% /tmp
> >     tmpfs                     2.0M      2.0M         0 100% /var/log
>
> What's wrong?
> mountpoints / and /var/log can be changed in /linuxrc.
> To add partitions modify /etc/fstab.
> Don't worry about /tmp this is just what's available for /tmp but could
> be shared with your RAM needs.

Thanks, I'm sure /linuxrc will solve my problem. I ran a loop that
filled the partition with wtmp entries, actually is wtmp necessary at
all?

// George
Re: [Leaf-devel] lrp partition size...
On Wed, Jul 03, 2002 at 07:40:45PM +0200, K.-P. Kirchdörfer wrote:
> On Wednesday 03 July 2002 19:26, George Georgalis wrote:
> > Just subscribed to this list... but I have been browsing the
> > archives.
> >
> > I'm working on an lrp image, and I clearly don't have the
> > partitioning down right.
> >
> >     # df -h
> >     Filesystem                Size      Used Available Use% Mounted on
> >     /dev/root                 6.0M      3.4M      2.6M  57% /
> >     tmpfs                    30.7M         0     30.7M   0% /tmp
> >     tmpfs                     2.0M      2.0M         0 100% /var/log
>
> What's wrong?
> mountpoints / and /var/log can be changed in /linuxrc.
> To add partitions modify /etc/fstab.
> Don't worry about /tmp this is just what's available for /tmp but could
> be shared with your RAM needs.

Where is /linuxrc stored? I normally edit the *.lrp files, but I can't
find it in root.lrp or etc.lrp?

// George